Hacker. I hate that word.  It's taken on a life of its own in today's technophobic and media-frenzied society.  It's like a wizard from a Harry Potter novel, or the force from Star Wars.  Any time something happens that can't be reasonably explained, 'hacker' functions as a hand-wave rationalisation that covers the cracks in the logic. Nobody questions it, everybody fears it. "I was hacked".

There are a number of factors that have collectively contributed to the anxiety and distrust harboured by the computer-using population.

First, I should probably address my lack of blog posts: I'm not dead. I just haven't had time to write much lately. Ate a lot of Quavers, though, so it wasn't a complete loss.

Second, more relevantly, we're going to examine the theatricality of The Hacker in most people's minds. Like a stage performer, The Hacker is nobody without The Audience to gasp, cheer and shriek in fear and excitement each time he pulls one of his tricks.  Let's look at this first.

The Audience's Perception

The public's perception of a "hacker" has been cultivated for some time now by many parties, all of whom have something to gain from the effort. The Usual Suspects include...

Security software companies

They like to exaggerate the image of The Hacker to create a bogey-man figure who will eat you if you don't buy and use their software. Bundled security software with new computers is one of the ways in which these companies enjoy a virtually guaranteed income.  Exaggerate the problem and provide the solution right there at the point of sale.  It's so dangerous; the answer is so easy... who would refuse?

The tabloid press

Selling dead trees hasn't been going so well lately and nothing sells better or faster than fear, uncertainty and doubt.  The internet exploded with such a tidal force that jolted every sect and schism of society that the speed of change and influence that it has cast has left many feeling decidedly unsettled by the still-unfamiliar technology.  As if that wasn't bad enough, the damned thing won't stay the same for longer than two minutes at a time.  Continually changing and evolving, people feel intimidated and overwhelmed by it.  The newspapers are only too happy to play to this fear and encourage it anytime anything appears to go wrong, leading the readers to the conclusion that it's all very dangerous, unpredictable and seemingly beyond any control or avoidance.  How many times have we read about people losing thousands on eBay, having their bank accounts accessed, or even stalkers on Facebook?

The Hackers themselves

The actual people themselves tend to enjoy and cultivate the exciting and powerful persona of The Hacker.  Going online from the safety of a keyboard in a dark room allows them to play a role that they can't play in real life.  The Hacker is a suave, intimidating and powerful magician who always has the upper hand, is always one step ahead, and who can levitate your bank account if you tick him off.  Quiet as a Ninja, cool as a rock star, they operate underground (figuratively), and are the risk-taking bad-boys of the Internet.  Who could resist such an awesome power trip?

Movies

Watching films like Swordfish and The Matrix is a swift reminder that Hollywood generally values style over substance.  The characters in these films are idolised by teenage audiences to the extent that they want to be that way in real life.  Like all the present-day investment bankers who were inspired by the style and persona of Gordon Gekko in Oliver Stone's "Wall Street" during the 80s, The Matrix gave us a generation of adolescents who wear three layers of heavy leather in the summer and who want to wage a freedom-fighting cyberwar against faceless oppressors.

Overall, it really is a case of paying no attention to the man behind the curtain.  When you strip away all the material embellishment and mythology surrounding these creatures, they're just people the same as everyone else.  They work jobs.  They go home.  They go online.  When it comes to the magical things that they can do... as we will find out in a moment, they don't actually do very much at all.  The victim in most cases is the unwitting accomplice, and the hack itself is little more than a cheap, staged illusion perpetrated by a technically-knowledgable con artist.

The Illusionist

So, much of the audience's psychological preparation and conditioning has been taken care of already by the diet of fear given to them by the sources we examined above.  Not only do they already believe in the magic, but they're ready and willing to attribute pretty much anything that happens directly to it.  Computer throws up an error?  Must be a hacker!  Unexpected reboot?  Hacker.  Pets acting strangely?  Hacker.

All the performer has to do from this point is exploit the vulnerable crowd by meeting their pre-conceived expectations.

Yet... it takes a certain kind of individual to actually want to do this.  Most people have at least a basic sense of altruism towards their fellow people.  Even those you haven't met.  You might not be actively helping them, but you certainly wouldn't wish them ill, nor want to manipulate them from afar to their pshychological or even material detriment.

That is, unless you're still a child who is barely out of nappies.  The thing about the Internet, which is one of those matter-of-fact quirks of fortune that we just need to live with, is that most of the scary "men" haven't actually started shaving yet.  Think back to when you were younger.  You didn't understand consequence, you didn't have to pay bills, you didn't do much of anything in the real world.  It was all about your status, your appearance, your playground credibility, being the cool kid who gets attention.  Put yourself back into that mindset, and you'll start thinking like the Illusionist does.

The Con

This is where the magic seems to happen. From this starting point, with an unsuspecting audience primed and the illusionist ready, there are many common methods that the typical "hacker" will use in order to facilitate access to your stuff.

E-Mail

If the Hacker decides he wants to access your email, he will need your username and your password.  In some unfortunate cases, the person's password is "password".  This doesn't happen very often thankfully, but when it does, you'd struggle to call it anything other than negligence on the part of the user.

With most people now using web-based e-mail services (where you access your email through a webpage such as Google, Yahoo, Gmail) there is often the possibility that the user will forget his or her details.  The provider allows the user to set a security question to answer when this happens.  The problem is that anyone can pretend to be you with a lost password.  Often the question will be something obvious, mother's maiden name, name of first pet and so on.  In a process called "social engineering", the suave-talker will strike up a conversation with the individual, and simply ask them for the answer to this question.  That is, if they don't already know the answer.  By supplying this, the provider will allow the Hacker to reset the password... and that's it.  They now have access.

From here, virtually any other website the person has an account with will have a similar forgotten password system.  These sites will allow the user to request a new password be sent to their e-mail address.  Trouble is, the Hacker is the one who will now receive it, meaning they now have access to their other websites as well.

Moral of the story?  Set a decent security question.

E-Mail Worms

Nobody likes worms.  They're wriggly and always leave the toilet seat up.  Worms through e-mail is something different, however.

Many viruses tend to spread themselves through the e-mail of unsuspecting social networks.  Family, friends, they all e-mail each other regularly with jokes, pictures, spam.  The trouble happens when one person accidentally ends up with the sort of virus that propagates by sending e-mails to your contact list.  The result?  Your friends and family will receive an odd e-mail from you with an infected attachment.  "Look at this!" or something will be the message, which your friends will assume was typed by you.  They open it, the worm spreads itself to their list as well, and so on it goes.

You can only get infected if you run the attachment.  If you get an e-mail promising the best thing ever that sounds like it was written by a stranger, just delete it.

Phishing

Another very common tactic is to lure a person into a fake website, either through an e-mail or other means.  Not dissimilar to a fake piece of headed paper from a company, virtually anyone can build an official-looking website with a company logo and nice-sounding text on it.

Commonly, the user receives an e-mail asking them to "update their account details" or "their account will be frozen".  The e-mail then includes a clickable link that goes to a totally fake website requesting the user's passwords in order to "fix" the account.

I don't think I need to explain this one much.  If you input your details into a fake website, you're giving them away, much as if you had written your phone number on the wall of a public toilet offering a "good time".

Fortunately, it isn't difficult to avoid.  Simply don't give any details to any sites that you've opened from within an email.  If the bank e-mails you, visit their website by typing the correct address yourself.  If eBay e-mails you, do the same.  When you type the address yourself, or even look it up in Google, you know where you are going. As an additional tip, any time you enter any personal details, ensure the website address begins with "https" instead of "http".  This signifies a secure connection.  Also watch for horrendous use of English from companies that should be able to speak it.

Writing Things Down

Now we're just getting ridiculous.  If you write things down, and lose them, someone else could find them and misuse them.  This is not getting "hacked", this is just being "daft".

Once Upon a Time...

... on one occasion, when I was assisting a friend who was being "hacked", it was quite interesting to back-trace events to find out what actually happened in order to contrast what the perpetrator tried to make seem was happening.

She was using a chat network and talking to an individual about something.  Throughout the conversation, the individual began dropping questions in at random, asking for her email address, her first car, her favourite colour... over the course of 15 to 20 minutes.  She didn't realise anything out of the ordinary at the time.

A short while later, the individual was accessing her e-mails, suavely showing off his knowledge of who was e-mailing her, attributing the knowledge to his "mad skillz", and generally being a dingbat.  This naturally prompted fear and uncertainty in the unsuspecting female, who was being taken in by the act of the suave hacker.

My friend didn't realise at the time he was actually asking for information that would allow him to answer her secret question to restore a forgotten password, and was mystified and frightened by the experience. This was exactly what was happening. After spending a few minutes getting to the bottom of the apparent magic trick, we changed her passwords and called it done.

When the explanation became apparent, she kicked herself for jumping to silly conclusions and allowing him to scare her.

The Truth

You can't handle the truth.  I'll give you it though, anyway.

Actual cases of people being "hacked", even using the above tricks, are very rare.  Never attribute to convoluted "hacking" that which can be easily explained by faulty software, children with "Administrator" access, or any number of other more likely causes.  Windows crashing, for example, can be caused by a hundred other things before you even consider the technical gymnastics required to access a person's computer and cause such a thing.  Most instances of "hacking" simply involve an intruder gaining access to services, such as e-mail, that a user normally accesses themselves.

In most cases, much as with crime on the streets, the victim is not simply selected at random.  Normally it is retribution between "friends", people playing tricks on each other, or a consequence of hanging out at the wrong e-places.

If you do suspect someone is or has accessed your files... think about the situation rationally, bearing all of the above in mind, and simply change your security details on whatever service seems to be compromised.